sodinokibi | 2024-03-10_eacf011b488ace6141225c656a7168b4_revil | Triage

Sharing

General

Target

2024-03-10_eacf011b488ace6141225c656a7168b4_revil
Size

123KB
MD5

eacf011b488ace6141225c656a7168b4
SHA1

bcd593ffacd351a80f87733a685296851ddf15b4
SHA256

ac9b52580980993676677a68e4af90ba54f0a65311916f23aad2d54b74b6fc41
SHA512

50fc88a20a80393ee9bf7d23e23621a89fa14f777233e1bd4c22eadc84482c99b2577ec82c572ff5b853f6c861a3061e17e71da9e04b65a39e1c05aa54f5a81a
SSDEEP

1536:7DvcP3LThpshwVC5OE8yNcCQp+2ZZICS4AIjnBR561lQVMr3IgmffEbjQFOxc:y4SVnaNcCM8gnBR5uiV1UvQFOxc

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-03-10_eacf011b488ace6141225c656a7168b4_revil

Files

2024-03-10_eacf011b488ace6141225c656a7168b4_revil
.exe windows:5 windows x86 arch:x86

7ecacfc6f1d64067e0047425ad885408

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
SetErrorMode

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.k797i
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE